#!/bin/bash 
set -e


TMP=${TMP:-/tmp/work}
LOG=${LOG:-$HOME/logs/stage4}
SRC=${SRC:-/sources}

name=libpwquality
version=1.4.4

rm -rf $TMP
mkdir -p $TMP $LOG

tar xf $SRC/$name-$version.tar.bz2 -C $TMP

{ time \
   {

    cd $TMP/$name-$version
    
	./configure --prefix=/usr                  \
	            --disable-static               \
	            --with-securedir=/lib/security \
	            --with-python-binary=python3
	make

	make install 

	mv -v /usr/lib/libpwquality.so.* /lib
	ln -sfv ../../lib/$(readlink /usr/lib/libpwquality.so) /usr/lib/libpwquality.so

	mv /etc/pam.d/system-password{,.orig}
	cat > /etc/pam.d/system-password << "EOF"
# Begin /etc/pam.d/system-password

# check new passwords for strength (man pam_pwquality)
password  required    pam_pwquality.so   authtok_type=UNIX retry=1 difok=1 \
                                         minlen=8 dcredit=0 ucredit=0 \
                                         lcredit=0 ocredit=0 minclass=1 \
                                         maxrepeat=0 maxsequence=0 \
                                         maxclassrepeat=0 geoscheck=0 \
                                         dictcheck=1 usercheck=1 \
                                         enforcing=1 badwords="" \
                                         dictpath=/lib/cracklib/pw_dict
# use sha512 hash for encryption, use shadow, and use the
# authentication token (chosen password) set by pam_pwquality
# above (or any previous modules)
password  required    pam_unix.so        sha512 shadow use_authtok

# End /etc/pam.d/system-password
EOF

    }
} 2>&1 | tee $name.log
    
[ $PIPESTATUS = 0 ] && mv $name.log $LOG || exit $PIPESTATUS

rm -fr $TMP
